Holiday scams are spiking: What shoppers need to watch for

Generative AI is the main culprit in this year’s rise, as it has made fraudulent content far more realistic, making scams easier to create and harder to spot. Cybersecurity and financial institutions have been reporting a surge in polished phishing attempts, cloned shopping sites, and deepfake social media ads for some time, and this is expected to grow further as we approach the holiday buying rush.

With end-of-year promotions and significant discounts, the appetite for purchase is heightened. Scammers are aware of the upcoming shopping rush and are planning to exploit unaware buyers to the fullest.

Here are the scams experts say will be most common as people search for bargains:

Lookalike digital storefronts

Scammers continue recreating legitimate shopping sites to harvest credit card details and sell fake or non-existent goods.

They typically deploy URLs that differ from the real ones by a single character, or add keywords such as country or city names to the URL to fool visitors. They then attract traffic through social media and search ads, and in some cases use phishing emails.

Websites like Amazon, Temu, and luxury brands are among the most frequently impersonated during the holidays. But the scams can go further, as many rising brands, like the Japanese clothing company Uniqlo, also face impersonation.

LLMs and autonomous AI agents are revolutionizing fraudsters’ ability to create convincing storefronts quickly. Chatbots generate product listings and promotional copy easily, AI agents write and deploy backend code, and image generation tools produce logos and realistic fake product photos.

Mastercard research shows the extent of the problem: 72% of shoppers made purchases from unfamiliar websites during the last holiday season, nearly 20% of those buyers never received their items, and 16% said they ended up with counterfeits.

Holiday deal phishing emails

Since retailers send promotional emails to inform their customers about upcoming sales, you should also anticipate a surge of fake emails that imitate them. These messages often closely resemble genuine brand emails and frequently direct recipients to cloned sites designed to steal login information.

Fraudsters are also sending fake refund alerts and bogus order-issue notifications. Such emails used to be easy to identify because they often sounded strange with many grammatical and spelling errors, but with AI writing tools, this has changed, as scammers now craft messages very similar to real brand communications.

Delivery and shipping scam texts

After making online purchases, shoppers usually closely monitor their shipments to ensure everything is in order. Scammers also take advantage of this by sending fake texts, exploiting shoppers’ eagerness to track packages.

These messages often play on the shoppers’ anxiety, claiming a missed delivery or requesting extra fees to confirm an address. Some even ask for personal information, such as national IDs and passports.

Fraudsters may direct users to counterfeit tracking pages styled to look like primary parcel delivery services, including national networks and regional private companies like Aramex. Sometimes, they even hide malware behind a “tracking” link.

Deepfake social media ads

Scammers are now using generative AI to create realistic promotional videos for fake stores. Some of the most outrageous showcases AI-generated old artisans claiming to be mom-and-pop shops that are closing down and offering promotional prices on their “hand-made luxury products.”

Additionally, AI cloning tools can imitate voices and faces to steal the likeness of real people, especially celebrities, to pitch bogus discounts on social media, pushing shoppers toward counterfeit storefronts.

Naturally, all of the scams mentioned above are common in today’s cyber landscape, and shoppers can encounter them at any time of year. However, during specific periods, such as Ramadan or the end-of-year holiday season, scammers exploit surges in activity on e-commerce platforms to target victims more aggressively. This means shoppers need to pay even closer attention to avoid falling for these schemes.